Success in Security Analytics

Over the next couple of years, security professionals can expect abundant innovation and plenty of competition in their field. The big data security analytics market is breaching high water marks with enterprise players, government integrators, security vendors, and startups diving in. Innovations in five key areas are expected:
1.    Intelligent algorithms
2.    Visualizations
3.    Security analyst affinity
4.    Network-wide cooperation
5.    Additional security services
In the first, writes Jon Oltsik for Networkworld.com, intelligent algorithms were out of reach for most SMEs. The reality means security vendors must fill the holes with “canned” analytics. But this is soon to change; future development in the area is based on “nested algorithms” where behavior patterns of applications, individual machines, or even whole networks are combined for more systematic behavioral analytics.
Five_areas_for_success_security_analytics_1The second point concerns the visualizations. Today, this is an emerging area seeing an increasing amount of research and development. What is elementary today – dominated by pie charts, graphs, and pivot tables – will become much more with tablet-like data manipulation, 3D graphics for pattern matching, scoring analysis, and data pivoting.
Security analysts tend to have seemingly haphazard methodologies, pivoting from one query to the next using spreadsheets, scripting, and SQL. Security vendors would do well to study their methods and skills though. Development of tools that match their needs – to modify data views and redirect queries with ease – will improve upon current open windows investigative tactics.
Concerning the fourth point, cooperation across a network and cloud-based sharing will become easier. Successful companies will need to encourage networks of customers, developers, analysts, and security researchers. This will lead to increased sharing of key information: security intelligence, best practices, and algorithms, among interested parties. Collaboration on a range of issues will be possible. For example, ecommerce vendors may work together on common fraud detection strategies or financial services companies may share information on phishing scams.
Additional security services complete the list. Already there is product development for big data security analytics providers in a range of areas not traditionally related to incident detection and security investigations. Areas such as risk management, regulatory compliance, and fraud detection are all seen as targets for some vendors. It is highly likely that these kinds of security analytics will evolve into a mix of real-time and asymmetrical product capabilities. Organizations can use this to develop risk scores that help to better focus resources, investment, and security priorities where needed.
Big data security vendors will need to focus on these five areas in the next few years. Ones that do so successfully will invariably find themselves big data security analytics leaders. The market is huge, so expect technical advances – and a lot of churn and excitement.
The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: “Security is not a product, but a process.”

Related Posts